Vendor trust factor: Less than zero

Protocol Enterprise

Hello and welcome to Protocol Enterprise! Today: why security professionals are starting to give overly enthusiastic “zero-trust security” vendors a funny look, why Nvidia’s Jensen Huang thinks the chip industry is at a point of reckoning, and where venture capital dollars are flowing in enterprise tech.

Zero truth security

For enterprises to dramatically reduce the damage from breaches, experts say that implementing the concept of "zero trust" in security is probably the best hope we have.

But confusion about which security tools can genuinely help to deliver on the promise of zero trust, and which ones are just faking it, is a growing problem.

  • Without a doubt, zero trust is “the most abused and the most misunderstood term in security today,” said Heath Mullins, a senior analyst at Forrester.
  • The potential is huge for improving security by adopting the principles associated with zero trust, such as bringing stronger control over access to corporate resources and ensuring that users aren’t authorized to do more than is necessary for their role.
  • But with all of the misappropriation of the idea, information security practitioners are pretty burned out on the term at this point, said Matthew Prince, co-founder and CEO at Cloudflare.
  • “Literally every vendor is saying, ‘We do zero trust,’” Prince told me. “The risk is that if everything is zero trust, then maybe nothing is.”

The majority of organizations, 80%, now see zero-trust security as a priority, according to a recent survey from the Cloud Security Alliance. But zero trust is not something you can buy in one package.

  • There are plenty of tools that can help an organization start to embrace the concept — including across identity security, access management, and network segmentation — but no single product that can deliver the whole thing.
  • Still, zero trust “isn’t every single security control in your environment” either, Illumio co-founder and CEO Andrew Rubin said during a recent online panel hosted by Protocol.
  • In particular, traditional firewalls meant to support the corporate “perimeter” are clearly not capable of helping with zero trust.
  • Rather than placing limits on what users are trusted to do, the traditional network security approach is the opposite of zero trust since it’s about defining the trusted local area network. “And so when I hear traditional firewall vendors saying, ‘We’re doing zero trust,’ that’s where I’m like, ‘That just doesn’t make any sense,’” Prince said.

A rule of thumb for determining if a product has anything to do with zero trust or not: If it lines up with the recommendations in a key NIST publication on zero trust, then it has a valid claim to the term, according to Kapil Raina, vice president of zero-trust marketing at CrowdStrike.

  • “Don’t listen to a vendor when they talk about [the definition of] zero trust,” he said. “It is going to be biased.”

Read the full story here.

— Kyle Alspach

Take it to the limit

Developing software and chips to tackle AI applications has for years been at the core of Nvidia’s mission, and it’s something founder and CEO Jensen Huang talks about at just about every turn.

Jensen and his wife, Lori Huang, announced a $50 million donation to Oregon State University on Friday evening that will help fund a new $200 million Innovation Complex. The new complex, which will be named after Huang and his wife, will include a supercomputer built around Nvidia’s AI clusters that will be capable of training the largest AI models and performing digital twin simulations that will help researchers in climate science, materials science, and robotics, among other fields.

Protocol had a chance to catch up with Jensen and Lori Huang this week over a video conference to discuss the reasons for the donation, whether Moore’s law is truly dead, and why AI is such a crucial tech for universities to invest in.

“The semiconductor industry is near the limit. It’s near the limit in the sense that we can keep shrinking transistors but we can’t shrink atoms — until we discover the same particle that Ant Man discovered. Our transistors are going to find limits and we’re at atomic scales. And so [this problem] is a place where material science is really going to come in handy,” Jensen Huang said.

Read the full interview here.

— Max A. Cherney

It’s not privacy vs. security anymore

In the last few years, the roles of privacy and security executives — and the budgets they control — have grown significantly as organizations have worked to stymie the growing threat of cyberattacks and navigate the ever-changing landscape of data regulation. But good privacy and security strategies are often as much about people as they are policy, and the push and pull between the two remits can sometimes create friction within an organization.

Join Protocol Enterprise’s Kyle Alspach for an event recorded live at KubeCon North America at 11 a.m. PDT on Thursday, Oct. 27. Kyle will be joined in discussion by Chris Burrows, chief information security officer, Rocket Companies; Jacob DePriest, vice president and deputy chief security officer, GitHub; and Larry Whiteside Jr., chief information security officer, RegScale. RSVP here.

Financial corner

TripActions raised $154 million at a valuation of $9.2 billion for its corporate travel and expense software.

Factorial raised $120 million to build HR tech for small and medium-sized businesses.

DataGrail raised $45 million to automate data privacy assessments.

Stairwell raised $45 million for its cybersecurity threat detection platform.

Katana raised $34 million to build an enterprise resource planning system for small and medium-sized manufacturers.

— Aisha Counts

Around the enterprise

American executives working for Chinese chip companies have some tough decisions to make after the Biden administration’s new export controls on chip technology, according to The Wall Street Journal.

Google introduced KataOS, a new operating system designed to run machine-learning applications on embedded devices, or computers that need to run under severe physical constraints.

Thanks for reading — see you tomorrow!
